Microsoft unveils secure MCU platform with a Linux-based OS

Microsoft announced an “Azure Sphere” architecture for high-end microcontrollers that run a Linux-based Azure Sphere OS and include end-to-end Microsoft security technologies and a cloud service. Products based on a MediaTek MT3620 Azure Sphere chip are due by year’s end.

Just when Google has begun to experiment with leaving Linux behind with its Fuchsia OS — new Fuchsia details emerged late last week — long-time Linux foe Microsoft unveiled an IoT platform that embraces Linux. Today at RSA 2018, Microsoft Research announced a project called Azure Sphere that is built around a new class of Azure Sphere microcontrollers that run “a custom Linux kernel” combined with Microsoft security technologies.

Azure Sphere OS architecture

The Azure Sphere MCUs “combine both real-time and application processors with built-in Microsoft security technology and connectivity,” says Microsoft. “Each chip includes custom silicon security technology from Microsoft, inspired by 15 years of experience and learnings from Xbox.”

The new MCU architecture “combines the versatility and power of a Cortex-A processor with the low overhead and real-time guarantees of a Cortex-M class processor,” says Microsoft. The MCU includes a Microsoft Pluton Security Subsystem that “creates a hardware root of trust, stores private keys, and executes complex cryptographic operations.”

The IoT-oriented Azure Sphere OS combines the Linux kernel with additional Microsoft security technology and a security monitor. The platform will ship with Visual Studio development tools, and a dev kit will ship in mid-2018.

Azure Sphere security features

The third component is an Azure Sphere Security Service, a turnkey, cloud-based platform. The service brokers trust for device-to-device and device-to-cloud communication through certificate-based authentication. The service also detects “emerging security threats across the entire Azure Sphere ecosystem through online failure reporting, and renewing security through software updates,” says Microsoft.

Arm assistance

The first Azure Sphere chip will be the MediaTek MT3620, which will ship in volume later this year, and the first products are set to ship by the end of the year. Interestingly, Arm, which might be considered a rival with its Cortex-M and -R MCU IP, is instead a partner. Arm “worked closely with us to incorporate their Cortex-A application processors into Azure Sphere MCUs,” says Microsoft.

Azure Sphere will target industries including white goods, agriculture, energy, and infrastructure. MediaTek is only the first of several silicon partners that will try out an Azure chip. Other members of its Silicon Ecosystem include Nordic, NXP, Qualcomm, ST Micro, Silicon Labs, Toshiba, and more (see image above).

“We’ve been working directly with leaders in the MCU space to build a broad ecosystem of silicon partners who will be combining our silicon security technologies with their unique capabilities to deliver Azure Sphere certified chips,” says Microsoft. The software giant has sweetened the pot by “licensing our silicon security technologies to them royalty-free.”

Microsoft learns to love Linux

In recent years, Microsoft has increasingly softened its long-time anti-Linux stance by adding Linux support to its Azure service and targeting Windows 10 IoT at the Raspberry Pi, among other experiments. Microsoft is an active contributor to Linux, and has even open-sourced some technologies.

It wasn’t always so. For years, Microsoft CEO Steve Ballmer took turns deriding Linux and open source while warning about the threat they posed to the tech industry. In 2007, Microsoft fought back against the growth of embedded Linux at the expense of Windows CE and Windows Mobile by suing companies that used embedded Linux, claiming that some of the open source components were based on proprietary Microsoft technologies. By 2009, a Microsoft exec openly acknowledged the threat of embedded Linux and open source software.

That same year, Microsoft was accused of using its marketing muscle to convince PC partners to stop providing Linux as an optional install on netbooks. In 2011, Windows 8 came out with a new UEFI system intended to stop users from replacing Windows with Linux on major PC platforms.

Further information

Azure Sphere is available as a developer preview to selected partners. The MediaTek MT3620 will be the first Azure Sphere MCU, and products based on it should arrive by the end of the year. More information may be found in Microsoft’s Azure Sphere announcement and product page.